inWebo 2nd-Step Scenario

The authentication server verifies trusted device credentials

After Emily has signed in to her account, she wants to make a transaction. If your score for that transaction requires an additional security verification, you can challenge her to prove that she has access to one of her trusted devices. A device is trusted to belong to Emily by inWebo if it has been enrolled and contains some data that have been linked to Emily’s profile (device credentials).

If someone signed in to your application with Emily’s password in the first place, then was able to prove to have access to one of Emily’s trusted devices, the chances are very high that this person is indeed Emily. Actually, the device credentials are not transferred to inWebo authentication server, only a cryptographic proof – a one-time hash code – is transferred. In this mode, only the device credentials verification is delegated to inWebo, while Emily signs in to your application with her usual password.